AD Enterprise versus Endpoint Investigator
Does anyone have any opinions on AD Enterprise versus Endpoint Investigator? We currently use EnCase Basic for remote acquisitions/forensics. But since EnCase Basic has been replaced with Endpoint Investigator (and won't support macOS Catalina 10.15) we are evaluating which product we will be moving to. AXIOM doesn't anticipate a solution until late 2020 from what I've determined. Any words of wisdom between these 2 products would be greatly appreciated.
Can you confirm what you mean by "Endpoint Investigator (and won't support macOS Catalina 10.15)"
If you are talking about Agent deployment and running on the Mac endpoint for remote acquisitions and forensics, I believe the recent release (8.11) of Endpoint Investigator has the agent that will run on Catalina.
Have you reached out recently to OpenText?
I have never used AD Enterprise, but have EnCase Endpoint Investigator/Forensic.
Other threads on this forum have commented about remote preview and acquisition of a Mac with a T2 chip, which was demonstrated at EnFuse using a beta of EnCase.
We’ve heard consistently from our customers that they don’t have a satisfactory solution for remote acquisitions of macOS devices, and AXIOM may be an option sooner than you think. We’ll be formally launching AXIOM Cyber soon, and the team is already hard at work on adding support for macOS devices to the remote acquisition capability in AXIOM Cyber, with a focus on logical file collections. We’re hoping to have early access to this capability as soon as the Magnet User Summit 2020 in May. Hope to see you there!
When I researched with your team early last year they were anticipating having something available in 2Q2020 or 3Q2020. Unfortunately, we are looking for a solution sooner than that.
Thanks for the response.
Yes, I am talking about the Agent deployment and running on the Mac endpoint for remote acquisitions and forensics. We currently use EnCase Basic, which is the predecessor to Endpoint Investigator (EI). Unfortunately, according to OpenText the EnCase Basic servlet does not support APFS (and is generating errors on our Catalina endpoints) but EI does. However, the cost to switch from EnCase Basic to EI will be significant, which is the reason we are evaluating EI versus Access Data's Enterprise tool. In addition, we have had quite a few issues with OpenText's technical support team that we never encountered when they were Guidance Software.
Any additional feedback would be welcome.
We had the same issue as you noted with the support (especially when Guidance was being bought). We have since migrated to AD Enterprise (as well as AD E-Discovery); however, we are not looking at APFS systems. We have been using the AD Enterprise and have used the remote acquisition on numerous systems with some issues and successes. AD Enterprise does have servlets for Mac systems; however, we have not used them. For the initial review, AD took more time than EnCase Enterprise. The issue is when you go to acquire, then it is really slow. If you lose connection to the host, you will need to re-acquire from the beginning.
Have you looked into F-Response and X-Ways?